email-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2: "Fetch emails" using gmail_search_messages, gmail_read_message, gmail_read_thread) ingests and interprets users' inbox emails — untrusted third-party messages — to make triage decisions and draft replies, allowing embedded instructions in those emails to influence agent actions.